CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,129 vulnerabilities with CWE-200
CVE-2024-12584 MEDIUM
Xpro Addons for Elementor < 1.4.6.2 - Authenticated Sensitive Information Exposure via Duplicate Function
CVSS 4.3
CVE-2024-56443 MEDIUM
HarmonyOS - Exposure of Sensitive Information via UIExtension Module
CVSS 6.2
CVE-2024-12426 MEDIUM
LibreOffice 24.8.0.1-24.8.3 - Exposure of Sensitive Information via URL Environmental Variable Expansion
CVSS 6.5
CVE-2024-12532 MEDIUM
BWD Elementor Addons <4.3.18 - Info Disclosure
CVSS 4.3
CVE-2024-11282 MEDIUM
Passster <= 4.2.10 - Unauthenticated Sensitive Information Exposure
CVSS 5.3
CVE-2024-12159 MEDIUM
Optimize Your Campaigns - Google Shopping - Google Ads - Google Adw...
CVSS 5.3
CVE-2024-12140 MEDIUM
Elementor Addons AI Addons - Info Disclosure
CVSS 4.3
CVE-2024-11290 MEDIUM
Member Access <1.1.6 - Info Disclosure
CVSS 5.3
CVE-2024-12538 MEDIUM
Duplicate Post, Page & Any Custom Post <3.5.3 - Info Disclosure
CVSS 4.3
CVE-2024-13110 MEDIUM
Yunfan Learning Examination System 1.9.2 - Information Disclosure in Exam Answer Handler
CVSS 4.3
CVE-2024-13042 MEDIUM
Tsinghua Unigroup Electronic Archives Management System 3.2.210802 ...
CVSS 4.3
CVE-2024-47923 MEDIUM
Mashov < 3.8.32 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 5.3
CVE-2024-47922 HIGH
Priority PRI WEB - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 7.5
CVE-2024-56509 HIGH
changedetection.io - Path Traversal
CVSS 8.6
CVE-2024-12984 MEDIUM
Amcrest <20241211 - Info Disclosure
CVSS 5.3
CVE-2024-45805 MEDIUM
OpenCTI < 6.3.0 - Unauthenticated Information Disclosure via Support Information Endpoint
CVSS 4.3
CVE-2024-12896 MEDIUM
Intelbras VIP S3020 G2-20241222 - Info Disclosure
CVSS 5.3
CVE-2024-11297 MEDIUM
Page Restriction WordPress < 1.3.6 - Unauthenticated Sensitive Information Exposure via WordPress Core Search
CVSS 5.3
CVE-2024-54009 MEDIUM
HPE Alletra Storage MP B10000 <10.4.5 - Info Disclosure
CVSS 4.0
CVE-2024-53991 HIGH
Discourse - Unauthorized Backup File Access via Nginx Request Manipulation
CVSS 7.5
CVE-2024-52589 LOW
Discourse - Unauthorized Exposure of User Email via Moderator Dashboard
CVSS 2.2
CVE-2024-12560 MEDIUM
Button Block <= 1.1.5 - Authenticated Sensitive Information Exposure
CVSS 4.3
CVE-2024-10548 MEDIUM
WP Project Manager <= 2.6.15 - Authenticated Sensitive Information Exposure via Project Task List REST API
CVSS 6.5
CVE-2024-11291 MEDIUM
Paid Membership Subscriptions <=2.13.4 - Unauthenticated Sensitive Information Exposure
CVSS 5.3
CVE-2024-12340 MEDIUM
Animation Addons for Elementor <1.1.6 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities 10,129
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits